Palestine Action: Operations and Global Network
Executive Summary Palestine Action has almost certainly responded to its July 2025 designation as a terrorist organization in the United Kingdom (UK) by...
Implications of Russia-India-China Trilateral Cooperation
Executive Summary Insikt Group assesses that the August 2025 meeting of Chinese Communist Party (CCP) General Secretary Xi Jinping, Indian Prime Minister Narendra...
Investigating an adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users
In this post, we investigate a recent phishing campaign that targets Microsoft 365 users. - Read more
Phishers Get Creative: The NoteGPT Twist You Didn’t See Coming
By: Hendrix Garcia, Cofense Phishing Defense CenterNoteGPT is an AI-generated tool that converts lengthy lectures, meetings, or videos into concise, easy-to-read notes in just...
Cofense Delivers Faster, Smarter Phishing Defense with New Capabilities
LEESBURG, Va., December 9, 2025 - Cofense, the leader in intelligence-driven phishing defense, today announced significant advancements across its portfolio, introducing Smart Reinforcement within its...
GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries
Note: The analysis cut-off date for this report was November 10, 2025 Executive Summary Insikt Group continues to monitor GrayBravo (formerly tracked as...
5 Real-Word Third-Party Risk Examples
Key Takeaways Static vendor checks fall short: Traditional, point-in-time third-party risk management practices (e.g. annual questionnaires) leave organizations blind to emerging vendor...
10 Years of Let’s Encrypt Certificates
On September 14, 2015, our first publicly-trusted certificate went live. We were proud that we had issued a certificate that a significant majority of...
November 2025 CVE Landscape: 10 Critical Vulnerabilities Show 69% Drop from October
November 2025 saw a significant 69% decrease in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 10 vulnerabilities requiring immediate attention, down from...
ShellShock Makes a Comeback and RondoDox Changes Tactics
Legacy bugs continue to serve attackers. - Read more
Latest article
CVE-2026-41940: cPanel & WHM Authentication Bypass
OverviewOn April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In...
Cursor Extension Flaw Exposes Developer API Keys
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX - Read more
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only. - Read more
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns.
The post ClickUp Data...
